LeakIX - Host wixapp-test.cookiebot.dev

Domain wixapp-test.cookiebot.dev

The Netherlands

Akamai International B.V.

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.19.194.18
Domain: wixapp-test.cookiebot.dev
Port: 443
URL: https://wixapp-test.cookiebot.dev

First seen 2025-11-01 09:09
Last seen 2026-01-23 05:27
Open for 82 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c5a353206c0397b6c3e0c909c3dda5e77a505d98

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Banner/customComponent/{id}
GET /Banner/{appInstanceId}/components
GET /Banner/{appInstanceId}/customComponents
GET /OAuth/authorized
GET /OAuth/install
GET /OnboardingSteps/steps
GET /WixAdapter/scan/getScanResult
GET /WixAdapter/webhooks/ScanResultReady
GET /WixApi/instance/{appInstanceId}
GET /WixApi/instance/{appInstanceId}/activeScans
GET /WixApi/{appInstanceId}/bannerState
GET /WixScripts/cmpConfig/{appInstanceId}
GET /WixScripts/getScriptParam
GET /installations/showOnboardingBanner
GET /installations/supportedLanguages
GET /installations/v2/{appInstanceId}/translation
GET /installations/{appInstanceId}/billing-history
GET /installations/{appInstanceId}/configuration
GET /installations/{appInstanceId}/is-paid
GET /installations/{appInstanceId}/languages
GET /installations/{appInstanceId}/notifications
GET /installations/{appInstanceId}/translation
GET /installations/{appInstanceId}/translation/legal-notice
GET /installations/{appInstanceId}/usage
GET /instances/v1/instance/{appInstanceId}
GET /plans
GET /pricing/redirect
GET /wix-billing/checkout
GET /wix-billing/checkout-fixed-7-euro
GET /wix-billing/metered-billing-charges
POST /Authentication/refreshToken
POST /Authentication/signIn
POST /OnboardingSteps/show/{show}
POST /OnboardingSteps/steps/{stepId}/complete/{complete}
POST /WixAdapter/scan/start
POST /WixScripts/setScriptParam
POST /admin-ui/activescans/{appInstanceId}/clear
POST /admin-ui/installations/{appInstanceId}/reinstall
POST /admin-ui/notifications/global-upgrade
POST /events/clicks/upgrade-button
POST /events/pricing/page-opened
POST /installations
POST /installations/{appInstanceId}/notifications/read
POST /logs
POST /wix-billing/v1/charge-limit
POST /wix-billing/v1/charges
POST /wixWebhooks/instanceAppInstalled
POST /wixWebhooks/instanceAppRemoved
POST /wixWebhooks/paidPlanAutoRenewalCancelled
POST /wixWebhooks/paidPlanChanged
POST /wixWebhooks/paidPlanPurchased
POST /{appInstanceId}/recommendations/ignore
PUT /Banner/{appInstanceId}/customComponent
PUT /WixScripts/cmpConfig
PUT /WixScripts/consentConfiguration/{wixConsentConfigId}

Found on 2026-01-23 05:27

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c5a353206c0397b6c3e0c909c3dda5e701ba22b6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Banner/customComponent/{id}
GET /Banner/{appInstanceId}/components
GET /Banner/{appInstanceId}/customComponents
GET /OAuth/authorized
GET /OAuth/install
GET /OnboardingSteps/steps
GET /WixAdapter/scan/getScanResult
GET /WixAdapter/webhooks/ScanResultReady
GET /WixApi/instance/{appInstanceId}
GET /WixApi/instance/{appInstanceId}/activeScans
GET /WixApi/{appInstanceId}/bannerState
GET /WixScripts/cmpConfig/{appInstanceId}
GET /WixScripts/getScriptParam
GET /installations/showOnboardingBanner
GET /installations/supportedLanguages
GET /installations/v2/{appInstanceId}/translation
GET /installations/{appInstanceId}/billing-history
GET /installations/{appInstanceId}/configuration
GET /installations/{appInstanceId}/is-paid
GET /installations/{appInstanceId}/languages
GET /installations/{appInstanceId}/notifications
GET /installations/{appInstanceId}/translation
GET /installations/{appInstanceId}/translation/legal-notice
GET /installations/{appInstanceId}/usage
GET /instances/v1/instance/{appInstanceId}
GET /plans
GET /wix-billing/checkout
GET /wix-billing/checkout-fixed-7-euro
GET /wix-billing/metered-billing-charges
POST /Authentication/refreshToken
POST /Authentication/signIn
POST /OnboardingSteps/show/{show}
POST /OnboardingSteps/steps/{stepId}/complete/{complete}
POST /WixAdapter/scan/start
POST /WixScripts/setScriptParam
POST /admin-ui/activescans/{appInstanceId}/clear
POST /admin-ui/installations/{appInstanceId}/reinstall
POST /admin-ui/notifications/global-upgrade
POST /events/clicks/upgrade-button
POST /events/pricing/page-opened
POST /installations
POST /installations/{appInstanceId}/notifications/read
POST /logs
POST /wix-billing/v1/charge-limit
POST /wix-billing/v1/charges
POST /wixWebhooks/instanceAppInstalled
POST /wixWebhooks/instanceAppRemoved
POST /wixWebhooks/paidPlanAutoRenewalCancelled
POST /wixWebhooks/paidPlanChanged
POST /wixWebhooks/paidPlanPurchased
POST /{appInstanceId}/recommendations/ignore
PUT /Banner/{appInstanceId}/customComponent
PUT /WixScripts/cmpConfig
PUT /WixScripts/consentConfiguration/{wixConsentConfigId}

Found on 2025-11-22 14:39

Create report

Open service 2.19.194.18:443 · wixapp-test.cookiebot.dev

2026-01-23 05:27

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Kestrel
ETag: "1dc8b9bfc1998a0"
Last-Modified: Thu, 22 Jan 2026 12:38:18 GMT
X-Kong-Upstream-Latency: 2
X-Kong-Proxy-Latency: 1
X-Kong-Request-Id: 36869c58e769151d538a27771d4fa16f
Date: Fri, 23 Jan 2026 05:27:14 GMT
Content-Length: 416
Connection: close

Page title: Wix

<!doctype html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Wix</title>
      <script type="module" crossorigin src="/assets/index-D7ssEMTB.js"></script>
      <link rel="stylesheet" crossorigin href="/assets/index-DwAmfROW.css">
    </head>
    <body>
        <div id="root"></div>
    </body>
</html>

Found 2026-01-23 by HttpPlugin

Create report

Open service 2.19.194.18:443 · wixapp-test.cookiebot.dev

2026-01-09 10:44

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Kestrel
ETag: "1dc80a315521fa0"
Last-Modified: Thu, 08 Jan 2026 13:31:24 GMT
X-Kong-Upstream-Latency: 4
X-Kong-Proxy-Latency: 0
X-Kong-Request-Id: c50cac7df3eefb11a5f8ee6933cd7766
Date: Fri, 09 Jan 2026 10:44:20 GMT
Content-Length: 416
Connection: close

Page title: Wix

<!doctype html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Wix</title>
      <script type="module" crossorigin src="/assets/index-BpL_mfet.js"></script>
      <link rel="stylesheet" crossorigin href="/assets/index-DwAmfROW.css">
    </head>
    <body>
        <div id="root"></div>
    </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

wixapp-test.cookiebot.dev

Fingerprint:

246747f8362263435660fc1ff0c5ebdbe6e850d057b49b27b58d2ea804caf089

CN:

wixapp-test.cookiebot.dev

Key:

ECDSA-256

Issuer:

Not before:

2026-01-06 08:21

Not after:

2026-04-06 08:21

Domain summary

wixapp-test.cookiebot.dev 3

1 recorded

IP summary

2.19.194.18 2 2.16.183.73 1

2 recorded